A task that often has to be solved in security controllers is the generation of random numbers, in particular true random numbers such as can be generated by a true random-number generator. True random-number generators are also called True RNGs (RNG = Random Number Generator). The implementation of such True RNGs is complex and cost-intensive. Therefore, pseudo-random number generators, so-called PRNGs (PRNG = Pseudo Random Number Generator), are often used. These, however, generate sequences of numbers based on a deterministic algorithm, starting from an initial value; when the algorithm is known, these sequences can in principle be discovered by unauthorized people and are hence no longer random.
Pseudo-random numbers are sequences of numbers that are calculated by a deterministic algorithm in a pseudo-random number generator and hence are not random, but appear random for sufficiently short sequences. Since the random number is calculated deterministically from an initial value, also called the seed, a sequence generated in this way is reproducible if a known initial value is assumed. The resulting sequence is then predictable by unauthorized people who know the algorithm and the initial value.
Traditional true random-number generators require analogue circuit elements, the implementation of which in primarily digital circuits is, however, often feared. For example, a true random number could be generated by means of analogue elements by sampling a noise signal whose amplitude is random.
More widespread, however, is the use of a pseudo-random number generator, which admittedly does not provide an optimal sequence of random numbers but can be implemented entirely in digital technology. Such a pseudo-random number generator, however, requires an initial value. To rule out, in principle, any possibility of backward calculation, this initial value must not be known. The initial value of the pseudo-random number generator must therefore also be generated in the chip itself, which is only possible with a true random-number generator, so that implementing a pseudo-random number generator with a known initial value does not solve the problem of preventing backward calculation.
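The reproducibility and backward calculation described above can be shown with a small digital PRNG. The following is an added example, not part of the original text; the 16-bit Fibonacci LFSR, its feedback polynomial, the function names and the seed value are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed PRNG: 16-bit Fibonacci LFSR, polynomial x^16 + x^14 + x^13 + x^11 + 1. */

/* One deterministic forward step: the next state depends only on the current one. */
uint16_t lfsr_next(uint16_t s)
{
    uint16_t fb = (uint16_t)((s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u);
    return (uint16_t)((s >> 1) | (fb << 15));
}

/* Backward calculation: bits 15..1 of the old state are bits 14..0 of the new
   state; the dropped bit 0 is recovered from the feedback bit kept in bit 15. */
uint16_t lfsr_prev(uint16_t s)
{
    uint16_t b0 = (uint16_t)(((s >> 15) ^ (s >> 1) ^ (s >> 2) ^ (s >> 4)) & 1u);
    return (uint16_t)(((s << 1) & 0xFFFFu) | b0);
}

/* State reached after `steps` forward steps from `seed`. */
uint16_t lfsr_run(uint16_t seed, unsigned steps)
{
    while (steps--) seed = lfsr_next(seed);
    return seed;
}

/* State that existed `steps` steps before `state`. */
uint16_t lfsr_rewind(uint16_t state, unsigned steps)
{
    while (steps--) state = lfsr_prev(state);
    return state;
}

int main(void)
{
    const uint16_t seed = 0xACE1u;            /* constructed sample seed */
    uint16_t observed = lfsr_run(seed, 1000); /* state after 1000 outputs */

    /* Known algorithm + known seed: the sequence is reproduced exactly. */
    printf("replayed state : 0x%04X\n", (unsigned)lfsr_run(seed, 1000));
    /* Known algorithm + one observed state: the seed is calculated backward. */
    printf("recovered seed : 0x%04X\n", (unsigned)lfsr_rewind(observed, 1000));
    return 0;
}
```

Because every step is an invertible function of the state alone, keeping the algorithm public is only safe if the initial value itself comes from a source that cannot be reconstructed.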
Since implementing an analogue component, as would be necessary for generating a true sequence of random numbers, e.g. on a smart card/chip card, is possible only under certain conditions or at high cost, generating a random number that cannot be calculated backward on a smart card or other cryptographic device is a major technical problem.